pkg:Packagist/baserproject/basercms

All known vulnerabilities

• CRITICAL9.8CVE-2023-25655baserCMS allows any file to be uploaded
  from 0, < 4.7.5
• CRITICAL9.8CVE-2023-25654baserCMS File Uploader Remote Code Execution (RCE) vulnerability
  from 0, < 4.7.5
• CRITICAL9.8CVE-2017-10842baserCMS SQL Injection vulnerability
  from 0, < 3.0.15
• CRITICAL9.1baserCMS Update Functionality Vulnerable to OS Command Injection
  from 0, < 5.2.3
• CRITICAL9.1baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
  from 0, < 5.2.3
• CRITICAL9.1OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
  from 0, < 4.5.4
• HIGH8.8CSRF in baserCMS 3.0.10 and earlier
  from 0, < 3.0.11
• HIGH8.8baserCMS Cross Site Request Forgery vulnerability
  from 0, < 3.0.11
• HIGH8.8OS Command Injection in baserCMS
  >= 4.0.0, <= 4.1.0.1
• HIGH8.8Code Injection in baserCMS
  from 0, <= 3.0.14
• HIGH8.8CSRF in baserCMS 3.0.10 and earlier
  from 0, <= 3.0.10
• HIGH8.7baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
  from 0, < 5.2.3
• HIGH8.7Cross-site scripting vulnerability in file upload
  from 0, < 4.5.1
• HIGH8.1baserCMS vulnerable to Access Control Bypass
  >= 4.0.0, < 4.1.1
• HIGH7.7Potential Zip Slip Vulnerability in baserCMS
  from 0, < 4.5.4
• HIGH7.7Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
  >= 4.4.0, < 4.4.1
• HIGH7.6Cross Site Scripting and RCE in baserCMS
  >= 4.0.0, < 4.3.7
• HIGH7.5Arbitrary file delete in baserCMS
  from 0, < 3.0.15
• HIGH7.3Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
  >= 4.4.0, < 4.4.1
• HIGH7.3Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
  >= 4.0.0, < 4.3.7
• HIGH7.3Cross Site Scripting in baserCMS
  >= 4.0.0, < 4.3.7
• HIGH7.2baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
  from 0, < 5.2.3
• HIGH7.2RCE in baserCMS before 4.1.4
  from 0, < 4.1.4
• HIGH7.2OS Command Injection in baserCMS
  from 0, < 4.4.5
• HIGH7.2Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
  >= 4.4.0, < 4.4.1
• HIGH7.1baserCMS is Vulnerable to Cross-site Scripting
  from 0, < 5.2.3
• HIGH7.1baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
  from 0, < 5.1.2
• MEDIUM6.3baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
  from 0, < 5.1.2
• MEDIUM6.1baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
  from 0, < 5.1.2
• MEDIUM6.1baserCMS Cross-site Scripting vulnerability in Site search Feature
  from 0, < 5.0.9
• MEDIUM6.1baserCMS Cross-site Scripting vulnerability in File upload Feature
  from 0, < 4.8.0
• MEDIUM6.1baserCMS Cross-site Scripting Vulnerability in Favorites Feature
  from 0, < 4.8.0
• MEDIUM6.1XSS in baserCMS
  >= 4.0.0, <= 4.1.0.1
• MEDIUM5.6baserCMS OS command injection vulnerability in Installer
  from 0, < 5.0.9
• MEDIUM5.4baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
  from 0, < 5.1.2
• MEDIUM5.4baserCMS Cross-site Scripting vulnerability in Content Management
  from 0, < 5.0.9
• MEDIUM5.4baserCMS Cross-site Scripting vulnerability
  from 0, < 3.0.11
• MEDIUM5.4XSS in baserCMS
  >= 4.0.0, <= 4.1.0.1
• MEDIUM5.4Cross-site Scripting (XSS) in baserCMS
  from 0, < 4.4.5
• MEDIUM5.4Cross-site Scripting (XSS) in baserCMS
  from 0, < 4.4.5
• MEDIUM5.3baserCMS has Mail Form Acceptance Bypass via Public API
  from 0, < 5.2.3
• MEDIUM5.3baserCMS Code Injection Vulnerability in Mail Form Feature
  >= 4.6.0, <= 4.7.6
• MEDIUM5.3Sensitive Data Exposure in baserCMS
  >= 4.0.0, <= 4.1.0.1
• MEDIUM5.3baserCMS Access Control Bypass
  from 0, < 3.0.16
• MEDIUM4.9baserCMS Directory Traversal vulnerability in Form submission data management Feature
  from 0, < 4.8.0
• MEDIUM4.8baserCMS vulnerable to stored Cross-site Scripting
  from 0, < 4.7.2
• MEDIUM4.8baserCMS vulnerable to stored Cross-site Scripting
  from 0, < 4.7.2
• MEDIUM4.8XSS in baserCMS before 4.1.4
  from 0, < 4.1.4
• MEDIUM4.7baserCMS CSRF vulnerability in Content preview Feature
  from 0, < 4.8.0
• MEDIUM4.6baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
  from 0, < 4.7.2
• MEDIUM4.3baserCMS arbitrary file upload vulnerability
  >= 4.0.0, < 4.1.1
• —baserCMS has OS command injection vulnerability in installer
  from 0, < 5.2.3
• —baserCMS has a cross-site scripting vulnerability in blog posts
  from 0, < 5.2.3
• —baserCMS has an SQL injection vulnerability in its blog post functionality
  from 0, < 5.2.3
• —BaserCMS privilege escallation
  from 0, < 1.6.12
• —baserCMS Access Control Bypass
  from 0, < 3.0.8